Application Security Engineer, Senior (m/f/d)

About the role:

We’re on a search for an Senior Application Security Engineer (m/f/d) to join our Security Team.

In this role, you'll be responsible for steering the security strategy across Affinidi's various workstreams and products. This includes conducting security assessments, leading application security reviews, and overseeing threat modeling. Your technical leadership will be crucial in ensuring the successful development of a scalable and resilient holistic identity system. The position is based in Berlin.

Our work culture at Affinidi is shaped by the following tenets:   

• We are unapologetically customer-focused  
• We invest in cultures and teams to enable high performance  
• We embrace experimentation and build fast  
• We have the courage to be misunderstood  
• We work together to unlock data 

What’s in it for you:

• Driving security strategy across all the workstreams and products the teams are working on
• Providing security assessments of Affinidi platform, that includes a lot of backend services, web, mobile and desktop applications
• Providing technical leadership and subject matter expertise as a security expert to our teams
• Executing and technically leading application security reviews and threat modelling, including code review and dynamic testing
• Enabling and enhancing automated security testing at scale for our entire platform to identify and proactively resolve vulnerabilities
• Creating and delivering comprehensive training programs to enhance the organization's security posture, including the ability to create and foster a strong security culture among different teams and stakeholders
• Designing, architecting, developing, and deploying tooling that helps ship secure code faster
• Driving security issues through the incident response process to ensure risks and compliances are managed
• Working in an exciting startup environment where you can be autonomous and try new things
• Providing leadership and mentorship to engineers to ensure the successful delivery of a scalable and resilient holistic identity system.

• Bring 5+ years of experience in application security, with hands-on expertise in threat modeling, code review, and penetration testing;
• Possess strong development skills, enjoy writing and deploying code, and have a passion for achieving security excellence;
• Have experience and a keen interest in integrating and maintaining secure practices and pipelines through DevSecOps;
• Hold significant experience in Security, Software Engineering, and Secure Architecture design;
• Demonstrate deep expertise in cloud computing and native environments, especially AWS;
• Have a solid understanding of design patterns, with practical experience in developing and deploying microservices in the cloud;
• Are proactive and hands-on, with a talent for tackling technical challenges and delivering impactful, high-quality solutions.

• 1–2 years of hands-on experience in software development
• Experience with bug bounty programs, showcasing a strong understanding of vulnerability discovery and reporting
• Published security write-ups demonstrating expertise in identifying and explaining security vulnerabilities
• Knowledge of applied cryptography and secure coding practices
• Experience with decentralized storage solutions and related technologies
• Familiarity with implementing data privacy and data security solutions on blockchain and distributed storage platforms for both individuals and organizations

Our Stack is:

• Javascript/Typescript/Node.js/Python/Rust/React
• Gitlab
• AWS
• IOS/Android/Flutter
• MacOS/Windows

What can you expect from us: 

• Hybrid working model 
• Flexible working hours 
• Unlimited vacation policy 
• Competitive compensation package 
• Work within international environment 
• Learning Budget 
• Mobile Allowance 
• Home Office Allowance 
• Urban Sport Membership 

Sounds like you? Apply now! 

 #LI-AB1